Syed Jahanzaib – Personal Blog to Share Knowledge !

September 27, 2016

Howto add Simple VPN (PPTP) Server in Ubuntu

Filed under: Linux Related — Syed Jahanzaib / Pinochio~:) @ 9:41 AM



This post contains short notes on how to add a simple PPTP-based VPN server in Ubuntu. It is useful in many scenarios, for example if you have a Linux server in the office and want to connect to it from anywhere in the world. You can also use it where you want your billing server to act as a centralized billing system for the NAS at all remote locations.

Ideally you should have a static public IP on this VPN server, but as a workaround you can bypass this requirement by adding a DDNS name from a service like changeip.com. I remember that I did a similar configuration at some Philippine network and one in the cloud.


Components Used:

OS = Ubuntu 12.4 on Cloud with static Public IP address
Clients = Windows 7 / Mikrotik Routerboards

Let’s Start…


Install PPTPD Package

Install the pptpd package in Ubuntu by issuing the following command:

sudo apt-get -y install pptpd

Now issue the following commands to add VPN server options like local/remote IP addresses. I used the echo command to insert the text directly into the config files rather than editing with nano/vim; use whatever is easier for you. The redirections write to root-owned files, so run them from a root shell.

# This will be the virtual ip of the vpn server
# (1.1.1.0/24 is publicly routed address space; a private RFC 1918 range avoids clashing with real hosts)
echo "localip 1.1.1.1" >> /etc/pptpd.conf

# Remote vpn client will get IP from this ip pool range
echo "remoteip 1.1.1.2-10" >> /etc/pptpd.conf

# This is to provide DNS, but in this example I really don't need natting for remote vpn client,
# as remote mikrotik will use this server for radius authentication only, not as their default gateway 🙂
# ms-dns is a pppd option, so it goes in /etc/ppp/pptpd-options; pptpd.conf has no such keyword
echo "ms-dns 8.8.8.8" >> /etc/ppp/pptpd-options

Add a TEST account for client in /etc/ppp/chap-secrets

echo "YOURID pptpd YOURPASSWORD *" >> /etc/ppp/chap-secrets

Description:

YOURID = username for remote vpn client
pptpd = service type
YOURPASSWORD = password for remote vpn client
* = any IP from the pool; if you want to provide the same IP to the client every time, add an IP like 1.1.1.2


TIP:
To assign a static IP to any remote VPN client, you can use the following entry:

zaibid pptpd zaibpassword 192.168.100.25

Finally restart pptpd service …

/etc/init.d/pptpd restart

Make sure the service is started

service pptpd status

or

ps aux |grep pptpd

If you see it’s running, our Server End is probably OK.
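
A quick audit of the files configured above, as an added example that is not part of the original post: it flags a chap-secrets file readable by non-root users, accounts left on the `*` wildcard, short passwords, and pppd hardening options missing from /etc/ppp/pptpd-options. The function names, finding labels and the 12-character minimum are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the two files this setup depends on.
# One finding per line; no output means nothing was flagged.

audit_chap_secrets() {          # $1 = path to a chap-secrets file
    # Secrets are stored in clear text, so only root should be able to read them.
    mode=$(ls -ld "$1" | cut -c1-10)
    [ "$mode" = "-rw-------" ] || echo "PERMS: mode is $mode, expected -rw-------"
    # min is an assumed policy value, not something pptpd enforces.
    awk -v min=12 '
        /^[ \t]*(#|$)/   { next }       # skip comments and blank lines
        $4 == "*"        { print "ANYIP: " $1 " is not pinned to one address" }
        length($3) < min { print "WEAKPW: " $1 " has a password under " min " characters" }
    ' "$1"
}

audit_pptpd_options() {         # $1 = path to a pptpd-options file
    for opt in refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128; do
        # A commented-out line such as "#require-mppe-128" does not count.
        grep -Eq "^[[:space:]]*${opt}([[:space:]]|\$)" "$1" || echo "MISSING: $opt"
    done
}

if [ $# -eq 2 ]; then
    audit_chap_secrets "$1"; audit_pptpd_options "$2"
else
    # Constructed sample input (not the author's files).
    d=$(mktemp -d)
    printf '%s\n' 'YOURID pptpd YOURPASSWORD *' 'zaibid pptpd zaib123 192.168.100.25' > "$d/chap-secrets"
    printf '%s\n' 'name pptpd' 'require-mschap-v2' '#require-mppe-128' > "$d/pptpd-options"
    audit_chap_secrets "$d/chap-secrets"; audit_pptpd_options "$d/pptpd-options"
    rm -rf "$d"
fi
```

Run it as root with the real paths, for example `sh audit.sh /etc/ppp/chap-secrets /etc/ppp/pptpd-options`; without arguments it runs on the constructed sample.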


VPN CLIENT in WINDOWS 7

Create a VPN dialer in Windows

Snapshots just for reference …

[Image: windows-7-vpn-client]


VPN (pptp) CLIENT in Mikrotik RouterOS

[Image: vpn-connected-from-mikrotik-client]


VPN Server Log Window.

(You can enable logging by uncommenting the #debug line in /etc/pptpd.conf)

tail -f /var/log/syslog
[Ubuntu]

Sep 27 04:15:22 radius pptpd[7582]: MGR: Launching /usr/sbin/pptpctrl to handle client
Sep 27 04:15:22 radius pptpd[7582]: CTRL: local address = 192.168.0.1
Sep 27 04:15:22 radius pptpd[7582]: CTRL: remote address = 192.168.0.234
Sep 27 04:15:22 radius pptpd[7582]: CTRL: pppd options file = /etc/ppp/pptpd-options
Sep 27 04:15:22 radius pptpd[7582]: CTRL: Client X.X.X.X control connection started
Sep 27 04:15:22 radius pptpd[7582]: CTRL: Received PPTP Control Message (type: 1)
Sep 27 04:15:22 radius pptpd[7582]: CTRL: Made a START CTRL CONN RPLY packet
Sep 27 04:15:22 radius pptpd[7582]: CTRL: I wrote 156 bytes to the client.
Sep 27 04:15:22 radius pptpd[7582]: CTRL: Sent packet to client
Sep 27 04:15:22 radius pptpd[7582]: CTRL: Received PPTP Control Message (type: 7)
Sep 27 04:15:22 radius pptpd[7582]: CTRL: Set parameters to 10000000 maxbps, 100 window size
Sep 27 04:15:22 radius pptpd[7582]: CTRL: Made a OUT CALL RPLY packet
Sep 27 04:15:22 radius pptpd[7582]: CTRL: Starting call (launching pppd, opening GRE)
Sep 27 04:15:22 radius pptpd[7582]: CTRL: pty_fd = 6
Sep 27 04:15:22 radius pptpd[7582]: CTRL: tty_fd = 7
Sep 27 04:15:22 radius pptpd[7582]: CTRL: I wrote 32 bytes to the client.
Sep 27 04:15:22 radius pptpd[7582]: CTRL: Sent packet to client
Sep 27 04:15:22 radius pptpd[7583]: CTRL (PPPD Launcher): program binary = /usr/sbin/pppd
Sep 27 04:15:22 radius pptpd[7583]: CTRL (PPPD Launcher): local address = 192.168.0.1
Sep 27 04:15:22 radius pptpd[7583]: CTRL (PPPD Launcher): remote address = 192.168.0.234
Sep 27 04:15:22 radius pppd[7583]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Sep 27 04:15:22 radius pppd[7583]: pppd 2.4.5 started by root, uid 0
Sep 27 04:15:22 radius pppd[7583]: Using interface ppp0
Sep 27 04:15:22 radius pppd[7583]: Connect: ppp0 <--> /dev/pts/1
Sep 27 04:15:22 radius pptpd[7582]: GRE: Bad checksum from pppd.
Sep 27 04:15:22 radius pptpd[7582]: GRE: accepting packet #0
Sep 27 04:15:23 radius pptpd[7582]: GRE: accepting packet #1
Sep 27 04:15:23 radius pptpd[7582]: GRE: accepting packet #2
Sep 27 04:15:23 radius pptpd[7582]: GRE: accepting packet #3
Sep 27 04:15:23 radius pptpd[7582]: GRE: accepting packet #4
Sep 27 04:15:23 radius pppd[7583]: peer from calling number "X.X.X.X" authorized
Sep 27 04:15:23 radius pptpd[7582]: GRE: accepting packet #5
Sep 27 04:15:23 radius pptpd[7582]: GRE: accepting packet #6
Sep 27 04:15:23 radius pptpd[7582]: GRE: accepting packet #7
Sep 27 04:15:23 radius pptpd[7582]: GRE: accepting packet #8
Sep 27 04:15:23 radius pptpd[7582]: GRE: accepting packet #9
Sep 27 04:15:23 radius pptpd[7582]: GRE: accepting packet #10
Sep 27 04:15:23 radius pppd[7583]: MPPE 128-bit stateless compression enabled
Sep 27 04:15:23 radius pptpd[7582]: GRE: accepting packet #11
Sep 27 04:15:23 radius pptpd[7582]: GRE: accepting packet #12
Sep 27 04:15:24 radius pptpd[7582]: GRE: accepting packet #13
Sep 27 04:15:24 radius pptpd[7582]: GRE: accepting packet #14
Sep 27 04:15:24 radius pppd[7583]: Cannot determine ethernet address for proxy ARP
Sep 27 04:15:24 radius pppd[7583]: local IP address 192.168.0.1
Sep 27 04:15:24 radius pppd[7583]: remote IP address 192.168.0.234
Sep 27 04:15:52 radius pptpd[7582]: CTRL: Received PPTP Control Message (type: 5)
Sep 27 04:15:52 radius pptpd[7582]: CTRL: Made a ECHO RPLY packet
Sep 27 04:15:52 radius pptpd[7582]: CTRL: I wrote 20 bytes to the client.
Sep 27 04:15:52 radius pptpd[7582]: CTRL: Sent packet to client
Sep 27 04:15:53 radius pptpd[7582]: GRE: accepting packet #15
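
The log above can be reduced to one line per session, as an added example that is not part of the original post: the script keys on the pppd PID and marks any authorized session that never logged an MPPE 128-bit line. The function names and the second sample session (PID 7601, peer Y.Y.Y.Y) are constructed for illustration.

```shell
#!/bin/sh
# Added example: one line per authorized PPTP session found in a syslog file.
# Output columns: pppd PID, peer address, assigned IP, MPPE strength, verdict.
# PIDs are assumed to be unique within the file being read.

summarize_pptp_sessions() {     # $1 = syslog file
    awk '
        $5 !~ /^pppd\[/ { next }                   # session facts come from pppd lines
        { pid = $5; gsub(/[^0-9]/, "", pid) }      # "pppd[7583]:" -> 7583
        $6 == "peer" && $NF == "authorized" {
            peer[pid] = $10; gsub(/"/, "", peer[pid]); order[++n] = pid
        }
        $6 == "MPPE"                 { mppe[pid] = $7 }
        $6 == "remote" && $7 == "IP" { ip[pid] = $9 }
        END {
            for (i = 1; i <= n; i++) {
                p = order[i]
                m = (p in mppe) ? mppe[p] : "none"
                verdict = (m == "128-bit") ? "OK" : ((m == "none") ? "UNENCRYPTED" : "WEAK")
                print p, peer[p], ((p in ip) ? ip[p] : "-"), m, verdict
            }
        }
    ' "$1"
}

sample_log() {   # constructed: session 7583 is taken from the log above, 7601 is invented
    cat <<'EOF'
Sep 27 04:15:22 radius pptpd[7582]: CTRL: Client X.X.X.X control connection started
Sep 27 04:15:23 radius pppd[7583]: peer from calling number "X.X.X.X" authorized
Sep 27 04:15:23 radius pppd[7583]: MPPE 128-bit stateless compression enabled
Sep 27 04:15:24 radius pppd[7583]: remote IP address 192.168.0.234
Sep 27 05:02:10 radius pppd[7601]: peer from calling number "Y.Y.Y.Y" authorized
Sep 27 05:02:11 radius pppd[7601]: remote IP address 192.168.0.235
EOF
}

if [ $# -eq 1 ]; then
    summarize_pptp_sessions "$1"
else
    t=$(mktemp); sample_log > "$t"; summarize_pptp_sessions "$t"; rm -f "$t"
fi
```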

TIP:

Forward PPTP port from mikrotik to local VPN server


/ip firewall nat
add action=dst-nat chain=dstnat comment="Forward PPTP protocol TCP/1723 to Local Radius where VPN server is configured" dst-address=PUBLIC.IP dst-port=1723 protocol=tcp \
to-addresses=192.168.100.1

4 Comments »

  1. thanks u too much dear Bro……waiting for this for long time

    Comment by patel Deepak — September 27, 2016 @ 10:10 AM

  2. Internet is not working after connection!

    Comment by Jahanzeb Abbasi — September 27, 2016 @ 10:56 AM

    • Internet shouldn’t be working, as I already explained in the comments. If you make a habit of FOCUSING while READING and not skipping the COMMENTS, you should already know why it's not working.

      In this example I clearly mentioned that it's just to access the server itself only, not for internet. For internet you should add some iptables-based rules in order to masquerade traffic. Examples are here.
      https://help.ubuntu.com/community/PPTPServer

      Comment by Syed Jahanzaib / Pinochio~:) — September 27, 2016 @ 11:06 AM

      • Yeah, I have added rules; after adding rules internet is working! SoftEther VPN server is a good option for remote connectivity!

        Comment by Jahanzeb Abbasi — September 27, 2016 @ 12:31 PM

